The latest cybercrime statistics make for sobering reading, with a 75 per cent rise in ransomware attacks in the 2021/2022 financial year and up to 200,000 vulnerable routers in Australian homes and small businesses.
The Australian Cyber Security Centre’s (ACSC) most recent annual report states medium-sized businesses with between 20 and 199 employees are the most at risk of attack, with the average cost of an attack for a business of this size being $88,407.
While the risk of cyberattack remains high, there any many preventative measures businesses can put in place to reduce the risk of attack and, should one happen, reduce its severity.
1. Make a plan
Your approach to cyber security should have a clearly articulated strategy that’s regularly revisited. This should guide the actions taken by the business to ensure it adopts the latest cyber risk mitigation techniques. ACSC recommends adopting eight security controls to help prevent attacks. This framework is useful for directing a business’s actions around cyber security.
The controls include taking away unnecessary network administration privileges from employees who don’t need them and putting in place multi-factor authentication for access the network. These are described in more detail below.
2. Secure the business’ internet connections
Make sure all the points at which the business connects to the public internet, such as remote desktop applications, file sharing software and webmail are secure and not vulnerable to penetration by hackers. It pays to work alongside an experienced IT professional through this step.
3. Safeguard all devices
All the common tools your team uses to connect back to the business such as their laptops, tablets and smart phones also need to be secured to ensure they are not a back door through which criminals can enter a business and exploit its weaknesses.
“Medium-sized businesses with between 20 and 199 employees are the most at risk of attack”
4. Configure automatic updates for software
The business should be fully protected for viruses and spam through the protections of a suite of leading anti-virus anti-spam (AVAS) software solutions and intrusion detection systems. Make sure any patches and updates are automatically installed so you’re protected from emerging threats.
5. Automate back ups
Like software updates, data should be automatically and regularly backed up offsite to a system of servers not connected to the business. That way, if criminals do infiltrate the system, they cannot access back-ups through it and delete them. This means in the event of an attack, the business can be up and running in no time, having accessed the most recent back-up. These systems should also be regularly tested, well before an attack occurs.
6. Implement multi-factor authentication
It should be nearly impossible for criminals to get into a system if it has the right protocols in place. These can include, but are not limited to, multi-factor authentication and mandatory regular password updates. As a minimum, passwords should include a mix of lettering, numbers, symbols and cases. Passphrases are even better than passwords, as they can be harder to crack yet easier to remember.
7. Audit third parties
Criminals can gain access to your system through external parties such as suppliers if they can access your systems remotely. Regularly audit their cyber security protocols to identify and fix and insecurities through which hackers and scammers could access your business.
8. Train staff quarterly
Cyber security training should be a routine aspect of staff professional development. At least each quarter, train staff about the latest threats and run simulations to identify staff who are at risk of opening phishing emails.
9. Respond immediately to threats
Make sure to put protocols in place, so in the event of an attack, you can lockdown the system and stop criminals misusing it further.
10. Put in place a cyber insurance policy
Cyber policies can help businesses recover from an attack by paying for associated costs and helping to mitigate the effects.
Your broker can help you identify and address the cyber risks in your business. Talk to us today for your peace of mind.
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.